The present invention relates to Internet security, and more specifically, to providing secure access to online accounts.
The security of account access via the Internet is a key concern for organizations that provide sensitive business services online. As widely reported in the media, user account information is regularly stolen by unscrupulous people using various malicious methods and activities. For example, a user may receive a phishing e-mail, which appears to be from his/her bank, asking the user to change his/her password due to a recent and well-publicized security breach. The phishing e-mail typically will provide a spoof link which appears to be a hyperlink to the user's bank, but in actuality is a hyperlink to a malicious website configured to look like the website of the user's bank. If the user selects the spoof link and provides his/her user ID and password to access the website, the user ID and password are then stolen by the website. Operators of such malicious websites typically use the stolen user ID and password to access the user's actual bank account, or sell the stolen user ID and password to other unscrupulous people who intend to do the same.